Digital Trust: What GRC Success Really Looks Like In 2019

Bruce Romney and Bruce McCuaig

Throughout the last decade, the concept of governance, risk, and compliance (GRC) has been viewed as an integrated collection of business functions, capabilities, and processes governed to meet specific objectives. Today, however, businesses are demanding much more from their GRC programs.

More than ever, all aspects of the business are evolving operations and infrastructure in response to market dynamics, new “digital-first” competitors, and changing customer expectations. For companies and regulators, according to the PwC Digital Trust Insights survey, addressing these emerging challenges requires new mechanisms that build confidence in their ability to handle risk, compliance, and security.

When businesses accomplish these objectives well, they are positioned to excel in security, reliability, automation, and privacy. But first, they need to integrate GRC with the rest of the business to build a level of digital trust in terms of data accuracy and reliable business processes. Otherwise, the business cannot successfully manage rising volatility, uncertainty, complexity, and ambiguity around today’s geopolitical, regulatory, and economic conditions.

Welcome to the era of connected GRC and security intelligence

Business activities, decisions, processes, and transactions are generating and extracting an overwhelming volume of data, thanks to the mass adoption of cloud, Big Data, and mobile technologies. And most companies are beginning to see that processing and combining data points can deliver meaningful insights that support the entire company’s operations with unprecedented visibility and agility.

GRC has the potential to become a manageable dimension of the business – parallel to other functional areas like human resources, supply chain management, IT, and finance. Organizations can succeed in integrating GRC activities when they improve resource allocation, make business decisions intelligently, and accelerate growth focused on delivering value.

Here are four examples of how GRC can deliver intelligence that is shared across all areas represented in the boardroom:

  • Human resources. Changes in regulation, trade policies, and geopolitical relationships can dictate everything from hiring strategies and workforce classification to employee compliance with internal intellectual property disclosure rules. We are now seeing HR organizations freeze hiring as finance waits to see how tariff policies impact operational costs. Heavy fines due to misclassification of contingent workers are on the rise, and dramatically stricter data protection and privacy laws are proliferating.
  • Supply chains. Shifting economic and political conditions can negatively influence markets. Examples from the crisis in Ukraine, uncertainty with Brexit, and US trade relations with Mexico and Canada show that market consolidation, trade restrictions, and shifting sources of essential supplies can increase competition and pressure on profitability.
  • Product development. The combination of accelerating technology changes and their unknown influence can seriously undermine traditional risk management in product development. The digitalization of media, 3D printing, person-to-person services such as Uber, and many other technical advances offer untested challenges to organizations ill-equipped to monitor and respond quickly to qualitatively new products and services.
  • IT. Cyberattacks have the potential to significantly disrupt core business operations or render them obsolete. From monumental breaches of customer data to the hacking of income tax documents, all organizations – even those with exceptional levels of investment and experience in information security – are vulnerable to malicious external and internal attacks.

Digital trust matters to intelligent GRC and security

When GRC and security programs become truly intelligent and effective, organizations such as finance are able to work with the rest of the boardroom to ensure that GRC and security processes are developed and applied consistently across the enterprise. This requirement calls not only for connected business applications and processes but also core GRC activities powered by five basic digital capabilities.

  1. Intelligent monitoring and reporting with instant, real-time insight and prediction based on accurate live data
  2. Increased performance with in-memory technology allowing for previously impractical monitoring scenarios to become the norm
  3. Greater productivity with extensive opportunities for automation leading to resources focusing on higher-value activities
  4. Comprehensive information security and monitoring across hybrid environments
  5. Flexible deployment covering today’s and tomorrow’s architecture and landscapes

By establishing this foundation for digital trust, CFOs can begin to rely on their GRC programs as a shared effort across the business – without abandoning operational tasks. Data can be transformed to provide the insights that later fuel automated processes and notification-triggering through intelligent technologies such as machine learning, networked ecosystems enabled by the Internet of Things, and predictive analytics.

But more importantly, every line of business can better focus on making actionable decisions based on forward-looking insights that overcome today’s market challenges with consistency, certainty, simplicity, and clarity.

Want to hear more about how GRC and security leaders are harnessing the power of technology innovations to transform their operations? Register today to attend the first-ever, complimentary online SAP Finance and Risk Management Virtual Event Feb. 5 for an insightful experience of customers, experts, partners, and SAP executives discussing today’s pressing challenges and opportunities.



About Bruce Romney

Bruce Romney is a senior director in the SAP Marketing organization for governance, risk, and compliance solutions. His experience in GRC topics stems from a wide range of activities. These include consulting on several engagements in the risk and advisory practice of a large public accounting firm across various verticals, managing large-scale e-discovery projects, and industry experience managing a contract manufacturing facility in Mexico including responsibility for the import/export function. He is a licensed CPA in the state of Texas.

About Bruce McCuaig

Bruce McCuaig is director of Product Marketing at SAP GRC solutions. He is responsible for development and execution of the product marketing strategy for SAP Risk Management, SAP Audit Management, and SAP solutions for three lines of defense. Bruce has extensive experience in industry as a finance professional, as a chief risk officer, and as a chief audit executive. He has written and spoken extensively on GRC topics and has worked with clients around the world implementing GRC solutions and technology.